Cybersecurity in IoT: Achieving Digital Security in an Age of Surveillance

In the 2006 science fiction thriller Déjá Vu, Denzel Washington plays a government agent who uses novel government technology to fold time and space back onto itself so that he can retroactively prevent a terrorist attack. It’s a creative interpretation of the concept of déjà vu, and, of course, Washington’s character uses this technology only for good. While the idea of literally bending time and space to repeat the past is relegated to science fiction, the film raises important questions about the ethics and prevalence of government surveillance, which are particularly prescient for our modern times.

As part of the natural evolution of technology, the internet of things (IoT) has established itself as one of the most transformative innovations of our time. IoT is a simple process of connecting existing devices to the internet so that they can send and receive data that allows them to act independently. Dubbed “smart” devices, they are becoming incredibly popular. We are connecting billions of IoT devices to the internet, and Gartner predicts that we will connect more than 20 billion IoT devices by 2020. This includes everything from smart home systems to driverless cars. The full range of the ordinary to the extraordinary is represented by the IoT.

Unfortunately, all of these connected devices and the troves of data that they transmit through the internet are fodder for government surveillance. As Shay Hershkovitz eloquently wrote in Wired, “There is little doubt that the web is the greatest gift that any intelligence agency could have ever asked for.” The internet is a place where we willingly provide our personal data to companies and governments in exchange for the pale privilege of surfing the web.

This is especially true with IoT. All of our connected devices continuously broadcast our information, and the collection can be used in unimaginable ways. Former director of national intelligence James Clapper said during congressional testimony that “In the future, intelligence services might use the [internet of things] for identification, surveillance, monitoring, location tracking, and targeting for recruitment or to gain access to networks or users credentials.

Even for people with nothing to hide, this is a concerning statement. With all the data shared through IoT, it’s almost like surveillance projects do have the ability to bend time and space to repeat the past.

Fortunately, we are making progress here with the development of blockchain technology, the decentralized ledger system that’s enabling and securing the most valuable cryptocurrencies in the world, and is also offering security solutions for IoT that may allow the practice to thrive while still preserving privacy and security.

The blockchain decentralizes the network.

One of the obvious but unique aspects of IoT is that all of its devices broadcast their information through the internet. Even two devices sitting directly next to one another will communicate across millions of miles of internet infrastructure. Since these devices broadcast through cloud services housed in centralized servers, there are evident and vulnerable points of attack or surveillance.

The blockchain runs a decentralized ledger system, which distributes information across a network of computers and uses a consensus algorithm to ensure parity. IBMembraces this approach in its IoT for business products, noting that the blockchain “enables your business partners to access and supply IoT data without the need for a central authority or management.”

Moreover, according to Deloitte, IBM and Samsung have put together a proof of concept using the Ethereum blockchain to improve the technical capabilities of IoT and to enhance its security. Their product has secured financing from Verizon Ventures, the investment division of Verizon Communications, which indicates that the security enhancements produced by decentralization are offering promising results.

The blockchain enables tokenized information.

The blockchain was initially conceived by bitcoin developers to facilitate p2p transactions without the use of an intermediary like a bank. It’s been pretty successful so far, and this same concept can be applied to IoT. The creation of unique IoT related tokens can allow individuals to participate in the ecosystem while still protecting their most vulnerable information.

In many ways, tokenized information is the perfect balance between accessibility and privacy. After all, the IoT becomes a lot less compelling if it can’t adapt to your use-cases. In this case, the token acts as a substitute for a person’s actual information. Therefore, IoT can achieve a personal connection without ever revealing any personal information. It’s an ironic scenario, but it’s one that makes all the difference in preserving privacy.

The blockchain is unchangeable.

One of the most troubling aspects of government surveillance is their ability to conceal their actions. Without whistleblowers like Edward Snowden or ironic hacks on government databases, the extent of surveillance is rarely known or understood. The blockchain offers a transparent framework that records activity and ensures that records cannot be tampered with.

The blockchain’s transparency is a hallmark of the platform, and it’s a valuable measure toward ensuring that user’s data is accurate, intact, and secure. There is no slowing IoT development, and that’s a good thing. With the blockchain, IoT can secure users’ privacy before it becomes a commodity of government surveillance programs.

Unfortunately, we know that surveillance programs rarely play the heroic role that they do in films like Déjà vu. In fact, for IoT to ignore this fact would cause some unfortunate déjà vu as it falls victim to the same privacy violations already plaguing the internet.